Knowledge

User:Spicy/SPI admin guide

Source 📝

151: 407: 303: 234:
As a general rule, I will usually block IPs for the length of time that they seem to have been used by the sockmaster. If they've been on the IP for a month, block it for a month. If they come back on the same IP, block it for a few more months this time. If an IP has only been used for a day or so,
163:
abusive. Users who are soft-blocked (blocked with account creation enabled) for username violations are permitted to create a new account. Sequential use of accounts (i.e. one account starts editing after the other stops) is generally not considered to be a policy violation, even if the relationship
359:
Non-admin SPI clerks can request that an administrator block users at SPI. Any admin can act on this. The clerk will often specify how long the account/IP should be blocked, which makes things easy for you. Clerks typically know what they're talking about, but you are ultimately the one responsible
281:
If the behavioural evidence suggests a connection, but is not quite enough to block on its own, and at least one previous account has edited in the past few months, you can request CU to compare named accounts. Please leave a comment to explain your CU request. Do not request CU to connect accounts
272:
These are cases where CheckUser has not been requested. You should approach these by evaluating the behavioural evidence presented. If you are convinced that the reported user is engaging in sockpuppetry, block and/or warn as appropriate and close the case. If you don't find the evidence convincing
350:
These are cases where CU has been requested but not yet run, endorsed or declined. If the socking is obvious, you can just block the user. However, you should leave the case open for a clerk or CU to evaluate the CU request. Closing a case in this situation is effectively declining the CU request,
466:
If the master account is globally locked or there is a notice on the SPI page about cross-wiki abuse, it's a good idea to request global locks on the sock accounts and note that you have done so. There's a checkbox for this in the "Block/tag socks" dialog of SPIhelper. But if you don't want to do
230:
IPs should only be blocked at SPI if they are actively editing (i.e. have edited within the past 24-48 hours) or if there is evidence that the IP/range has been used by the sockmaster for at least a week or so. Otherwise an IP block is unlikely to accomplish anything. If an IP made 2 edits a week
376:
These are cases where a clerk, CU or admin has requested additional evidence from the filer. Sometimes the filer will provide more evidence and you can treat this as you would an "open" case. Sometimes they won't, and if it's been a week or so and they haven't responded you can just close it.
277:
If the reported users are clearly different people, or the behaviour is not a violation of the sockpuppetry policy, or the totality of the evidence is not enough to be reasonably certain that sockpuppetry is occurring, simply close the case without action and explain why you are doing
164:
between the accounts is undisclosed; the user may have just forgotten their password or wanted to change their username. Consider whether someone who appears to be editing while logged out is "IP socking" or if they merely forgot to log in.
219:
If you are going to block sockpuppet accounts but leave the master unblocked or partially blocked, block the socks with autoblock disabled (there's a checkbox for this in SPIhelper). Otherwise the master will be unable to
501: 235:
you probably shouldn't block it for much longer than that. Some IPs are static and some are dynamic but if you don't want to get into that I think this rule is OK as a first approximation.
124:
turn a pretty blue colour. You are not allowed to use the pretty blue colour, but you are permitted to informally say things such as "I think running a check would be a good idea", or to
27: 368:
These are cases where CheckUser was originally requested but was declined by a clerk or CU. These can basically be handled like "open" cases, except you can't request CU again.
33:
SPI has a reputation as a complex and insular area of the project, but with the right tools, it's not actually that scary. Before you start contributing, please install
194:
Sockpuppet accounts are blocked indefinitely. Sanctions for someone who's caught socking for the first time are subject to admin discretion and may include:
526:
However, if someone's requesting CU to connect an account and an IP, or an IP to an IP(!), feel free to close it as no one is ever going to run that check.
45:
As a patrolling administrator, you can handle most of the routine tasks at SPI. There are only a few activities that are restricted to CUs and clerks:
446: 403:
and have an SPI clerk do it if you want. However, this might make the clerks sad and SPIhelper's dropdown menu makes tagging pretty easy.
289:
meritless but there isn't enough behavioural evidence to block or request CU, or if CU is not possible, you can change the case status to
120:, which is essentially an affirmation by a clerk that the check is within policy and a CU should run it. Endorsement makes the listing on 394: 484: 536: 438:
If the CU result is a bit weaker but still supportive of socking (e.g. "likely" or "possilikely") you can tag as "proven".
26:
This page is intended as a quick guide for admins who want to begin patrolling SPI. Further guidance is available at
34: 424:
Don't tag accounts with egregiously offensive usernames. This only serves to publicize the inappropriate username.
459:
Cases should generally be filed under the oldest account. If this is not the case, you can change the status to
310:
These are cases where a CU has run a check but has not fully actioned the case. This typically occurs because
441:
Proven tags can also be used if CU was not run or was unhelpful but the behaviour is extremely obvious (e.g.
264:, cases are sorted by their status. Here is some guidance on how to handle cases according to their status. 216:
A partial block (rare, but sometimes useful for COI editors or people who are obsessed with a certain page)
338:
provide some guidance on how to interpret and action CU results. For IPs, see the comments on IP blocks in
213:
An indefinite block if the socking is particularly disruptive, or if there are other serious conduct issues
488: 227:
If someone socks again after a previous block or warning, they should probably be blocked indefinitely.
360:
for the block, so don't feel obligated to act on one of these requests if you're not confident in it.
330:
In these cases, you should evaluate the behaviour in conjunction with the CU result (if applicable).
435:
If the CU says the accounts are "confirmed" or "technically indistinguishable", tag as confirmed.
248: 421:
Some LTAs like the attention and will have a notice on their SPI page saying not to tag them.
399:
As a patrolling admin, you don't necessarily have to tag socks. You can change the status to
455:
Clerks can do some weird stuff with dual tags but that's generally not worth worrying about.
335: 201: 175: 8: 517:
if it's an IPv6 and if you want to be thorough, maybe look at the /24 or /20 for an IPv4.
251:, it is usually not worthwhile to block accounts that have not edited in several months. 145: 167:
Sometimes people use multiple accounts or IPs inappropriately but are not necessarily
487:(shows when an account was created and whether or not it is likely stale for CU) and 427:
I don't always bother to tag low effort spam/vandalism socks but it's fine if you do.
185: 141: 502:
Knowledge:Sockpuppet_investigations/SPI/Clerk_and_checkuser_procedures#Patrolling
331: 317:
The CU result was conclusive but the CU is undecided on which sanctions to apply
244:
convinced that they're a spammer, vandal, etc. you can just block them for that.
306:
A lazy CheckUser engages in recreational activities instead of blocking socks
261: 121: 535:
You can figure this out by checking CentralAuth or, preferably, installing
514: 150: 406: 442: 17: 314:
The CU result was not conclusive and behavioural evaluation is needed
302: 28:
Knowledge:Sockpuppet_investigations/SPI/Administrators_instructions
467:
this, don't worry as the archiving clerk will probably catch it.
415:
Most accounts blocked at SPI should be tagged. Four exceptions:
320:
The filing involves IPs and CUs will not connect IPs to accounts
380: 210:
A temporary block (generally lasting a few days to two weeks)
293:
and request additional behavioural evidence from the filer.
116:"Endorsing" a CU request means changing the case status to 108:
Tell someone that they suck at SPI and need to stop posting
339: 240:
If you're not convinced that someone is a sock, but you
135: 342:. For the most part, stale accounts can be left alone. 432:
Generally, the oldest account is tagged as the master.
395:
User:Blablubbs/SPI clerking cheat sheet § Tagging
418:
Don't tag accounts that are only temporarily blocked.
388: 282:
and IPs as this is forbidden by the privacy policy.
323:Some of the accounts in the case were stale for CU 74:block someone if you don't think they're a sock 83:Request additional information from the filer 255: 86:Request that a clerk merge or rename a case 381:Endorsed, relisted, on hold, clerk request 405: 301: 149: 485:User:Blablubbs/cuStalenesseverywhere.js 463:to request that a clerk move the page. 14: 491:(shows if an account has been tagged). 385:These ones should just be left alone. 340:#General advice on blocks and warnings 537:User:GeneralNotability/mark-locked.js 171:to mislead or disrupt. The templates 136:General advice on blocks and warnings 37:as it will make things a lot easier. 96:Endorse or relist CheckUser requests 23: 389:Tagging and other clerical matters 159:Usage of multiple accounts is not 128:a check by changing the status to 40: 24: 551: 500:Clerks can actually do this. See 449:shows up to make the same edits). 354: 273:enough, you have a few choices: 154:Not all socks are created equal. 35:User:GeneralNotability/spihelper 460: 400: 290: 129: 117: 105:Merge or rename a case yourself 529: 520: 507: 494: 477: 445:gets blocked and the next day 13: 1: 452:Otherwise, tag as suspected. 363: 345: 191:are useful for this purpose. 7: 371: 10: 556: 489:User:RoySmith/tag-check.js 392: 297: 247:As blocks are meant to be 231:ago, just close the case. 139: 99:Decline CheckUser requests 483:Other useful scripts are 470: 256:Handling cases by status 410:An example of dual tags 267: 411: 307: 155: 80:Add CheckUser requests 409: 305: 153: 140:Further information: 336:User:Blablubbs/8ball 102:Archive closed cases 89:Request global locks 58:Things you can't do 515:check the /64 first 412: 351:which is a no-no. 308: 285:If the case isn't 207:for minor offenses 197:A warning such as 156: 114: 113: 547: 539: 533: 527: 524: 518: 511: 505: 498: 492: 481: 462: 402: 292: 206: 200: 190: 184: 180: 174: 131: 119: 48: 47: 555: 554: 550: 549: 548: 546: 545: 544: 543: 542: 534: 530: 525: 521: 512: 508: 499: 495: 482: 478: 473: 397: 391: 383: 374: 366: 357: 348: 332:User:ST47/8ball 300: 270: 258: 204: 198: 188: 182: 178: 172: 148: 138: 43: 41:Do's and don'ts 22: 21: 20: 12: 11: 5: 553: 541: 540: 528: 519: 506: 493: 475: 474: 472: 469: 457: 456: 453: 450: 439: 436: 433: 430: 429: 428: 425: 422: 419: 390: 387: 382: 379: 373: 370: 365: 362: 356: 355:Awaiting admin 353: 347: 344: 328: 327: 326:The CU is lazy 324: 321: 318: 315: 299: 296: 295: 294: 283: 279: 269: 266: 257: 254: 253: 252: 245: 238: 237: 236: 228: 225: 224: 223: 222: 221: 214: 211: 208: 192: 165: 137: 134: 112: 111: 110: 109: 106: 103: 100: 97: 92: 91: 90: 87: 84: 81: 78: 75: 69: 66: 60: 59: 56: 42: 39: 15: 9: 6: 4: 3: 2: 552: 538: 532: 523: 516: 510: 503: 497: 490: 486: 480: 476: 468: 464: 454: 451: 448: 447:User:Spicy2.0 444: 440: 437: 434: 431: 426: 423: 420: 417: 416: 414: 413: 408: 404: 396: 386: 378: 369: 361: 352: 343: 341: 337: 333: 325: 322: 319: 316: 313: 312: 311: 304: 288: 284: 280: 276: 275: 274: 265: 263: 262:main SPI page 250: 246: 243: 239: 233: 232: 229: 226: 218: 217: 215: 212: 209: 203: 196: 195: 193: 187: 177: 170: 166: 162: 158: 157: 152: 147: 143: 133: 127: 123: 107: 104: 101: 98: 95: 94: 93: 88: 85: 82: 79: 76: 73: 70: 67: 64: 63: 62: 61: 57: 54: 50: 49: 46: 38: 36: 31: 29: 19: 531: 522: 509: 496: 479: 465: 458: 398: 384: 375: 367: 358: 349: 329: 309: 286: 271: 259: 249:preventative 241: 205:}} 199:{{ 189:}} 183:{{ 179:}} 173:{{ 168: 160: 125: 115: 71: 52: 44: 32: 25: 202:uw-sockwarn 176:uw-agf-sock 161:necessarily 146:WP:GOODSOCK 77:Close cases 65:Block socks 51:Things you 443:User:Spicy 393:See also: 287:completely 142:WP:BADSOCK 18:User:Spicy 364:CUdecline 346:CUrequest 169:intending 130:CUrequest 68:Tag socks 372:Moreinfo 291:moreinfo 186:uw-login 298:Checked 260:On the 126:request 118:endorse 122:WP:SPI 471:Notes 461:clerk 401:clerk 220:edit. 16:< 513:But 334:and 268:Open 181:and 144:and 278:so. 242:are 72:Not 53:can 30:. 132:. 55:do 504:.

Index

User:Spicy
Knowledge:Sockpuppet_investigations/SPI/Administrators_instructions
User:GeneralNotability/spihelper
WP:SPI
WP:BADSOCK
WP:GOODSOCK
Photo of a sock store displaying a variety of colorful socks
uw-agf-sock
uw-login
uw-sockwarn
preventative
main SPI page
A man looks at an insect on a log through a magnifying glass
User:ST47/8ball
User:Blablubbs/8ball
#General advice on blocks and warnings
User:Blablubbs/SPI clerking cheat sheet § Tagging
A large black dog wearing a collar with two dog tags
User:Spicy
User:Spicy2.0
User:Blablubbs/cuStalenesseverywhere.js
User:RoySmith/tag-check.js
Knowledge:Sockpuppet_investigations/SPI/Clerk_and_checkuser_procedures#Patrolling
check the /64 first
User:GeneralNotability/mark-locked.js

Text is available under the Creative Commons Attribution-ShareAlike License. Additional terms may apply.